Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WEB_APPLICATION_SCANNING_98561
HistoryNov 05, 2018 - 12:00 a.m.

Drupal 8.5.x < 8.5.0-rc1 Multiple Vulnerabilities

2018-11-0500:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
55
JSON

According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities :

  • A flaw exists with the Comment Reply Form. An authenticated remote attacker could add or view comments that they do not have access to. (CVE-2017-6926)

  • A flaw exists with the Drupal.checkPlain() function due to improper handling of HTML injection. A remote attacker, with a specially crafted request, could potentially execute arbitrary script code within the trust relationship between the browser and server. (CVE-2017-6927)

  • A flaw exists with node access controls with a multilingual site due to defaulting to the untranslated version as a fallback. A remote attacker could potentially bypass access restrictions. (CVE-2017-6930)

  • A flaw exists with the Settings Tray module. A remote attacker could update data the do not have permission for. (CVE-2017-6931)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data
VendorProductVersionCPE
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*

Related

nessus 12
fedora 14
openvas 16
freebsd 1
github 4
veracode 4
osv 10
prion 4
cve 4
seebug 1
debiancve 1
ubuntucve 1
debian 1
nessus
nessus
Drupal 8.x < 8.4.5 Multiple Vulnerabilities (SA-CORE-2018-001)
2018-03-01 00:00:00
Drupal 8.x < 8.4.5 Multiple Vulnerabilities
2018-11-05 00:00:00
Drupal 7.x < 7.57 Multiple Vulnerabilities
2018-11-05 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: drupal7-7.58-1.fc27
2018-04-10 19:11:10
[SECURITY] Fedora 26 Update: drupal7-7.58-1.fc26
2018-04-10 18:30:33
[SECURITY] Fedora 28 Update: drupal7-7.58-1.fc28
2018-04-03 13:29:13
openvas
openvas
Fedora Update for drupal7 FEDORA-2018-d8269e4262
2018-04-11 00:00:00
Drupal Core Multiple Vulnerabilities (SA-CORE-2018-001) - Windows
2018-02-22 00:00:00
Fedora Update for drupal7 FEDORA-2018-143886fdbd
2018-04-11 00:00:00
freebsd
freebsd
drupal -- Drupal Core - Multiple Vulnerabilities
2018-02-21 00:00:00
github
github
Drupal Comment reply form allows access to restricted content
2022-05-14 03:35:57
Drupal access bypass vulnerability
2022-05-13 01:46:48
Drupal Settings Tray access bypass
2022-05-13 01:46:49
veracode
veracode
Access Restriction Bypass
2018-05-31 05:06:29
Unauthorized Access
2018-05-31 04:23:58
Cross-site Scripting (XSS)
2018-05-11 09:03:36
osv
osv
Drupal access bypass vulnerability
2022-05-13 01:46:48
Drupal Comment reply form allows access to restricted content
2022-05-14 03:35:57
CVE-2017-6926
2018-03-01 23:29:00
prion
prion
Design/Logic Flaw
2018-03-01 23:29:00
Code injection
2018-03-01 23:29:00
Heap overflow
2018-03-01 23:29:00
cve
cve
CVE-2017-6930
2018-03-01 23:29:00
CVE-2017-6926
2018-03-01 23:29:00
CVE-2017-6927
2018-03-01 23:29:00
seebug
seebug
Drupal 8 – CVE-2017-6926漏洞详解
2018-04-03 00:00:00
debiancve
debiancve
CVE-2017-6927
2018-03-01 23:29:00
ubuntucve
ubuntucve
CVE-2017-6927
2018-03-01 00:00:00
debian
debian
[SECURITY] [DLA 1295-1] drupal7 security update
2018-02-28 15:16:47
JSON
Related for WEB_APPLICATION_SCANNING_98561
nessus12fedora14openvas16freebsd1github4veracode4osv10prion4cve4seebug1debiancve1ubuntucve1debian1